Auto-sync enabled
FlatlyPage
Modern flat design framework
v1.0.0 53 files
PriviMetrics
Privacy-focused analytics
v1.0.9 42 files

FlatlyPage

Version 1.0.0 • 54 files • 724.77 KB
Files
.htaccess .last_check admin/account.php admin/dashboard.php admin/easyedit.js admin/extensions.php admin/generate-hash.php admin/index.php admin/logout.php admin/preview.php admin/scripts.php admin/theme-edit/builder.php admin/theme-edit/generator.php admin/theme-edit/index.php admin/themes.php assets/fonts/inter/inter.css assets/fonts/space-grotesk/space-grotesk.css config.php contact-handler.php contact.php css/admin.css css/contact.css css/styles.css css/theme.css data/.htaccess data/index.php data/settings.php data/sitemap-config.php engine/index.php engine/renderion.php extensions-loader.php extensions/privimetrics/main.php extensions/privimetrics/manifest.xml extensions/scroll_to_top/main.php extensions/scroll_to_top/manifest.xml extensions/seo_image_master/main.php extensions/seo_image_master/manifest.xml favicons.txt index.php newsletter/.htaccess newsletter/confirm.php newsletter/manager.php newsletter/newsletter-form.js newsletter/newsletter-styles.css newsletter/newsletter-unavailable.php newsletter/newsletter.sql newsletter/settings.php newsletter/subscribe.php newsletter/unsubscribe.php page.php robots.txt.php sitemap.php updater/index.php version.txt
.htaccess
# Modern PHP CMS - URL Rewriting
# Apache mod_rewrite configuration

RewriteEngine On

# Force HTTPS (uncomment in production)
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Remove .php and .html extensions from URLs
RewriteCond %{THE_REQUEST} \s/([^\s]+)\.(php|html) [NC]
RewriteRule ^ /%1 [R=301,L,NE]

# Protect sensitive directories - block direct access to data folder
RewriteRule ^data/.*\.php$ - [F,L]
RewriteRule ^data/.*\.json$ - [F,L]
RewriteRule ^config\.php$ - [F,L]
RewriteRule ^themes\.css$ - [F,L]

# BLOCK PHP execution inside extensions
RewriteRule ^extensions/.*\.php$ - [F,L]

# ALLOW static assets from extensions
RewriteRule ^extensions/.*\.(css|js|png|jpg|jpeg|gif|svg|webp|woff|woff2|ttf|eot|map|html)$ - [L]

# Admin routes
RewriteRule ^admin$ /admin/index.php [L]
RewriteRule ^admin/$ /admin/index.php [L]
RewriteRule ^admin/dashboard$ /admin/dashboard.php [L]
RewriteRule ^admin/logout$ /admin/logout.php [L]
RewriteRule ^admin/generate-hash$ /admin/generate-hash.php [L]

# Skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]

# Check if .php version exists
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ $1.php [L]

# Check if .html version exists
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.+)$ $1.html [L]

# Page slug routing - catch-all for custom pages
# Routes like /about, /services, /contact etc.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z0-9\-]+)$ /page.php?slug=$1 [L,QSA]

# Security Headers (if mod_headers is enabled)
<IfModule mod_headers.c>
    # Prevent MIME type sniffing
    Header set X-Content-Type-Options "nosniff"
    # XSS Protection
    Header set X-XSS-Protection "1; mode=block"
    
    # Clickjacking protection
    Header set X-Frame-Options "SAMEORIGIN"
    
    # Referrer Policy
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# Disable directory listing
Options -Indexes

# Protect .htaccess
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

# Block access to data files directly
<FilesMatch "\.(php)$">
    <If "%{REQUEST_URI} =~ m#^/data/#">
        Require all denied
    </If>
</FilesMatch>

# Cache static assets
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

# Compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript
    AddOutputFilterByType DEFLATE application/json
</IfModule>

# PHP settings (if allowed)
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log /path/to/error.log
</IfModule>